Phishing Scams

How Phishing Scams Work

Phishing scams are now a part of everyday life. It’s important that you know how to spot one and avoid becoming a victim.

Overview of Phishing Scams

Phishing scams are just another attempt to get valuable information. Scammers send a mass email to every address they can find. Typically the message will appear to come from a bank or financial institution. The email states that you should update your information for one reason or another, and they usually provide a link that you can click to do so.

This all sounds reasonable and it may look legitimate, but phishing scams are anything but legitimate. The link provided does not take you to the financial institution’s website. Instead, you’ll be submitting your information to a website run by the scammers.

Why Scammers Use Phishing Scams

Why would somebody do this? Well, you can gather a lot of juicy information with a phishing scam. First, you can get somebody’s account number and password. Then you can try to hijack their assets. Some phishing scams ask for all of your personal information (SSN, mother’s maiden name, date of birth, etc) so that they can steal your identity and open credit accounts in your name. Some victims of phishing scams have given up their credit card numbers only to find that the card was used fraudulently.

Why People Fall for Phishing Scams

Anybody can be tricked by a sophisticated phishing scam. Simple phishing scams are easy to spot, but the best scammers are actually pretty smart.

They use a variety of tricks to make the phishing scam look like a legitimate process. For example, they might include a graphic from the bank right on the email message or website. Or, the link provided in the email may look like it goes to the bank’s website while the victim is actually sent to a very different site.

How to Spot Phishing Scams

It is easy to uncover a crude phishing scam. For example, if you get an email from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information. Now, if you actually have an account at the institution it gets more interesting.

You’ll want to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.

You should also examine the link provided. Does it really go where it appears to go? For example, I could tell you that I’m giving you access to the government’s Top Secret Database at https://www.TopSecretDatabase.gov but if you click the link you’ll find that you’ve been directed to a different site. The best way to prevent this is to copy and paste the link (don’t click it) to your address bar. However, you can still get tricked by URL’s that look legitimate but have one or two letters switched.

The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that “We will never ask you for your personal information via phone or email”.

Advice for Victims of Phishing Scams

If you have been snagged by phishing scams in the past, you need to be vigilant. First, let your financial institution know what happened. They will likely want to pursue the scammer, and they will monitor your account more closely. Next, I always suggest that victims of phishing scams put a fraud alert on their credit report by contacting one of the major credit agencies. Finally, you’ll need to keep a close eye on your mail and your accounts. If statements stop showing up or if you see unusual activity, call your bank immediately.

How You Can Prevent Phishing Scams

Let’s all work together to prevent phishing scams. If you receive a suspicious email, report it. You can send it to the US Federal Trade Commission at spam@uce.gov or you can just click the “Report as Junk” (or similar) button on your email program.